Source User Information from Syslog push to PA

Reply
Highlighted
L3 Networker

Source User Information from Syslog push to PA

Hi we use Aerohive AP and from there i get syslogs at my Kiwi Syslog Server. Like this one:

ah_auth: add new RT sta: MAC=xxxxxxxx, IP=10.100.100.20, hostname=xxxxx, username=xxxxxx on wifi0.7

And now i need this information in the PA because there i only see in the traffic monitor the Source IP Adress from the AP and no Source User.

How can i configure that the PA can take the log information from the kiwi syslog? Or is there an easy way to take the Aerohive Login/logout and device informations to the firewall?

 

Aerohive and Palo Alto Network have a cooperation... https://manualzz.com/doc/23623919/aerohive-and-palo-alto-networks

Highlighted
Cyber Elite

@clonesheep

Easiest way would be to configure the User-ID agent as a syslog listener, and then build out a syslog filter to identify a login and logout event. I believe the Aerohive AP v1.0.0 Syslog Parse Profile actually looks like it would work for your login event. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!